Lucene search
K

7 matches found

OSV
OSV
added 2023/02/21 9:15 a.m.3 views

CVE-2023-0559

The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS6.7AI score0.00457EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2020/11/18 12:0 a.m.586 views

WordPress Fancy Product Designer For WooCommerce Cross Site Scripting

About Fancy Product Designer for WooCommerce Fancy Product Designer for WooCommerce is a WordPress plugin which allows users to design custom products in a vendor's WooCommerce store. It is sold through the third-party marketplace "Envato Market" and boasts over 15,000 sales. Stored XSS via SVG...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2019/10/22 7:44 p.m.165 views

Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing

Two open-redirect vulnerabilities in Bridge, a commercial WordPress theme purchased more than 120,000 times, would allow an attacker to mount spearphishing attacks against site administrators. An open redirect vulnerability can be used to hide malicious links behind URLs for legitimate domains. F...

6CVSS7.4AI score0.02606EPSS
Exploits0References4
Prion
Prion
added 2018/05/29 8:29 p.m.12 views

Design/Logic Flaw

An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code...

6.5CVSS8.6AI score0.04582EPSS
Exploits2References4Affected Software1
0day.today
0day.today
added 2018/05/25 12:0 a.m.173 views

PHP Login And User Management 4.1.0 Shell Upload Vulnerability

Exploit for php platform in category web applications Title PHP Login & User Management = 4.1.0 - Arbitrary File Upload CVE-2018-11392 Product PHP Login & User Management https://codecanyon.net/item/php-login-user-management/49008 CVE CVE-2018-11392 Credit Reginald Dodd Description An arbitrary...

8.9AI score0.04582EPSS
Exploits2
Packet Storm
Packet Storm
added 2018/05/24 12:0 a.m.39 views

PHP Login And User Management 4.1.0 Shell Upload

Title PHP Login & User Management = 4.1.0 - Arbitrary File Upload CVE-2018-11392 Product PHP Login & User Management https://codecanyon.net/item/php-login-user-management/49008 CVE CVE-2018-11392 Credit Reginald Dodd Description An arbitrary file upload vulnerability in /classes/profile.class.php...

8.9AI score0.04582EPSS
Exploits2
Patchstack
Patchstack
added 2017/07/21 12:0 a.m.17 views

WordPress IBPS Online Exam plugin <=1.0 - Authenticated Stored Cross-site scripting (XSS) vulnerability

Authenticated Stored Cross-site scripting XSS vulnerability found in WordPress IBPS Online Exam plugin =1.0 versions by 8bitsec. The attack is possible when logged in as a student. Solution 2017.07.29 - We were unable to find information about patched release of WordPress IBPS Online Exam plugin...

1AI score
Exploits0References1Affected Software1
Rows per page
Query Builder